Warning: Undefined variable $publishedDate in /srv/users/serverpilot/apps/production/public/wp-content/themes/adapt/templates/single-post.php on line 18
Adam Cartwright, CISO at Australia Post explains how the organisation is strengthening cyber resilience, prioritising leadership, and reinforcing the basics to defend against today’s threats.
He stepped into a role that touches every Australian household.
With more than 4,500 post offices and a vital community mission, Australia Post is both a logistics giant and a government-owned enterprise.
Adam shared that the mission to serve communities strengthens the security culture across the workforce.
“Staff are very engaged. They are very aware of their community obligations. From a cyber security point of view, that translates into enthusiasm to support the mission.”
Ahead of his session at Security Edge on 8 October at the Grand Hyatt, Melbourne, he spoke with ADAPT’s Content Lead Justina Uy about Australia Post’s community mission, lessons in resilience from global crises, and the fundamentals every CISO must get right.
Lessons in resilience from global crises
Reflecting on his time at American Express during the 9/11 attacks, Adam recalled flying into New York to restore critical banking systems.
He said the experience reinforced the importance of coordination and trust during emergencies.
“Communications is the most important thing to recover. If you can’t communicate, you can’t coordinate.”
Bringing executives into the journey
Adam explained that success in cyber resilience also depends on engaging executives and boards with practical risk conversations.
He noted that leaders are receptive when the discussion is grounded in real threats to operations and customer trust.
“As long as the conversation is pragmatic and about real risks, boards are very tuned in.”
Start with the basics, then test yourself
Asked what CISOs should prioritise under resource constraints, Adam stressed the value of doing the fundamentals well and ensuring they actually work in practice.
“Most breaches happen because the basics are done poorly. Essential Eight is always a good starting point.”
Cyber leadership means developing people
For Adam, resilience is also about cultivating the next generation of cyber professionals.
He pointed to the growing talent shortage and the need for investment in young practitioners.
“Leadership is about people. How do we develop the talent pipeline within our teams and in the community to support the future of cyber defence.”
Key takeaways
- Anchor resilience in people, preparation, and clear communications.
- Keep boards engaged with transparent, pragmatic risk dialogue.
- Prioritise Essential Eight and test defenses against real adversary techniques.
- Recognise cyber leadership as building talent pipelines and preventing burnout.
- Treat resilience as both crisis response and long-term culture.
Hear more from Adam and other leading CISOs at Security Edge on 8 October in Melbourne.
150 enterprise and government security leaders will gather to share practical strategies for defending against today’s threats, rebuilding after major incidents, and sustaining leadership resilience in complex environments.